Home
Security Hardening
DISA STIG VMware vSphere VCenter 6.x V1R4

DISA STIG VMware vSphere VCenter 6.x V1R4

VCWN-06-000023 – The system must ensure the vpxuser auto-password change meets policy.
Details By default, the vpxuser password will be automatically changed by vCenter every 30 days. Ensure this setting meets your...
VCWN-06-000007 – The system must limit the effects of information-flooding types of Denial of Service (DoS) attacks.
Details DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either...
VCWN-06-000024 – The system must ensure the vpxuser password meets length policy.
Details The vpxuser password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet...
VCWN-06-000008 – The system must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events.
Details It is critical for the appropriate personnel to be aware if an ESXi host is at risk of failing...
VCWN-06-000009 – The system must use Active Directory authentication.
Details The application must ensure users are authenticated with an individual authenticator prior to using a group authenticator. Using Active...
VCWN-06-000010 – The system must limit the use of the built-in SSO administrative account.
Details Use of the SSO administrator account should be limited as it is a shared account and individual accounts must...
VCWN-06-000012 – The system must disable the distributed virtual switch health check.
Details Network Healthcheck is disabled by default. Once enabled, the healthcheck packets contain information on host#, vds#, port#, which an...
VCWN-06-000013 – The distributed port group Forged Transmits policy must be set to reject.
Details If the virtual machine operating system changes the MAC address, the operating system can send frames with an impersonated...
VCWN-06-000014 – The system must ensure the distributed port group MAC Address Change policy is set to reject.
Details If the virtual machine operating system changes the MAC address, it can send frames with an impersonated source MAC...
VCWN-06-000015 – The system must ensure the distributed port group Promiscuous Mode policy is set to reject.
Details When promiscuous mode is enabled for a virtual switch all virtual machines connected to the Portgroup have the potential...

Prev Next

DISA STIG VMware vSphere VCenter 6.x V1R4

VCWN-06-000023 – The system must ensure the vpxuser auto-password change meets policy.

VCWN-06-000007 – The system must limit the effects of information-flooding types of Denial of Service (DoS) attacks.

VCWN-06-000024 – The system must ensure the vpxuser password meets length policy.

VCWN-06-000008 – The system must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events.

VCWN-06-000009 – The system must use Active Directory authentication.

VCWN-06-000010 – The system must limit the use of the built-in SSO administrative account.

VCWN-06-000012 – The system must disable the distributed virtual switch health check.

VCWN-06-000013 – The distributed port group Forged Transmits policy must be set to reject.

VCWN-06-000014 – The system must ensure the distributed port group MAC Address Change policy is set to reject.

VCWN-06-000015 – The system must ensure the distributed port group Promiscuous Mode policy is set to reject.